The Event Activity widget on the Symantec Advanced Threat Protection (ATP) Dashboard in ATP Manager provides information about the malicious files that were detected in your network, web, endpoint, and email environments. Malicious files are the files that were flagged or blocked based on their detection as known threats.
When a file is detected as malicious, Symantec Endpoint Protection creates a conviction event that captures information about that event. The Event Activity widget provides information about these events based on their conviction type. As you filter through this widget, you can select one of these events to display its Entity Details page. From there, you can take additional action against that entity, such as adding the malicious file to your Blacklist.
This widget displays information from the Network, Web, Endpoint, and Email widgets, which you can select individually to view additional information about each of those control points.
The event activity appears in the form of a red area chart that depicts the total number of malicious events for each control point (network, web, endpoint, and email). You can click through various parts of the Event Activity widget to view additional information:
Click 7d, 1m, 3m, or All to view the information for the last 7 days, 1 month, 3 months, or all dates. The default is 7 days.
Hover over the chart to display the total number of malicious events for each control point for a particular day.
Click the dot within a control point to view a list of malicious events for that day.
Click Network, Web, Endpoint, or Email to view additional information about the malicious events for those control points.